Skip to content

Latest commit

 

History

History
58 lines (38 loc) · 3.31 KB

release-notes-v1.1.6.md

File metadata and controls

58 lines (38 loc) · 3.31 KB
Raw

v1.1.6

This release contains a reference implementation of FIDO Device Onboard (FDO) Specification.

It includes the below components:

  • Protocol Reference Implementation (PRI): pri-fidoiot is a JAVA based implementation of all the components specified in the FDO Specification. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, ECDSA NIST P-384, RSA2048RESTR, and Intel EPID 1.1.
    • Key Exchanges: ECDH256, ECDH384, ASYMKEX2048, ASYMKEX3072, DHKEXid14, and DHKEXid15.
    • Ciphers: AES128/CTR/HMAC-SHA256, AES128/HMAC-SHA256, AES256/CTR/HMAC-SHA384, AES256/HMAC-SHA384, AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, AES256GCM, and RSA/NONE/OAEPWithSHA256AndMGF1Padding.
    • Public Key Encoding: Crypto, X509, COSEKey , X5 Chain.
    • COSE Signature Types: ES256, ES384, RS2048.

  • Client SDK: client-sdk-fidoiot is a C based implementation for the device component specified in the FDO Specification. Additionally, it supports an implementation of the device that uses the TPM infrastructure. It supports the following cryptographic modes.

    • Signing keys: ECDSA NIST P-256, and ECDSA NIST P-384
    • Key Exchanges: ECDH256, and ECDH384
    • Ciphers: AES-CCM-64-128-128, AES-CCM-64-128-256, AES128GCM, and AES256GCM.
    • Public Key Encoding: X509.
    • COSE Signature Types: ES256, and ES384.

  • EPID Verification Service: epid-verification-service is a wrapper service written on top of the EPID SDK to assist the FDO Rendezvous service and FDO Owner service to perform device signature verification for EPID based devices.

New Features

client-sdk-fidoiot, pri-fidoiot: Support for http2 has been added.

pri-fidoiot: Support added for Java 17.

Changes to existing features

client-sdk-fidoiot: SNI is now enabled by default and can be disabled based on compile time option.

Fixed Issues

epid-verification-service, pri-fidoiot: The version of third-party dependencies have been updated.

Known Issues

client-sdk-fidoiot: Sporadic failure with continuous, repeated usage of CSDK built with Intel® CSE without pause. This is tracked through the GitHub issue client-sdk-fidoiot#226.

SHA256 checksum for release binaries

Following SHA256 checksum is calculated using sha256sum tool

3a9ab8550b0d633b39d1c1cc289c8f9cbab598bac2821b33219477bf0ca60537 - client-sdk-fidoiot-v1.1.6.tar.gz
7e9a697805ccf815b660799631bba93c4179242e52a9d02fe989ca07ea11ec3e - pri-fidoiot-v1.1.6.tar.gz
edb8d6db725fa84cc646099539b3016f51bb9ea4706493bf953cc6091d9a92d3 - epid-verification-service-v1.1.6.tar.gz
036b79df7485ec14dfbc5953dd7f5ad6bf7ae8b0dbc60e63bbba42254583c692 - NOTICES-v1.1.6.tar.gz
b74eb98bfc1e8e020b392f132f9f17036f564eb4f03ad228ddbaba90a3b83beb - third-party-components.tar.gz

Documentation

https://fido-device-onboard.github.io/docs-fidoiot/1.1.6

Please ignore Source code zip/tar.gz files. These are default artifacts generated during GitHub Release process.